Forum Discussion
NimbostratusAppending Domain to username Single Sign On
Hi,
New to F5, My web portal resource expects a username in the form username@domain is there a way that I can do Forms based SSO to this resource without the user having to append the @domain when they type in their username. I guess the question is how do you combine the username session variable and domain session variable to create a new variable that can be referenced as the username in the SSO configuration.
Thanks in advance
4 Replies
Cthulhucalling_Cirrus
I haven't tried this myself, for Forms-based SSO you may be able to specify "session.sso.token.last.username@domain" as the username source.
Seth_CooperEmployee
Hi,
If you are doing an AD Query as part of your VPE the "session.ad.last.attr.userPrincipalName" session variable should be populated. This is the format of "user@domain"... so you can use this as the username and then the normal password variable in the configuration.
Regards,
Seth
cjmalon_145830Hi,
CT I have tried the following for username source in the SSO configuration.
session.sso.token.last.username@domain "session.sso.token.last.username@domain" %{session.sso.token.last.username}@%{session.sso.token.last.domain} after populating session.sso.token.last.domain as a variable.
None of these work.
Seth, Unfortunately for political reasons I am authenticating off a Radius Server.
- Seth_Cooper
Hi CJ,
Where are you getting the "domain" information from? What is populating the %{session.sso.token.last.domain} variable?
Will you always be using the same domain? If so it should be pretty easy to make the correct variable. I would use a variable assign in the VPE to build the variable and then pass it to the SSO object.
Seth
